Noob Ransomware

The devious Noob Ransomware can hide in spam emails with very misleading but convincing messages. If you are not cautious, you might open a file or click a link that executes the infection, which runs silently, so you might not notice it. If you figure out that something is wrong, you might have time to find and remove the malicious components that belong to this threat; however, in most cases, the victims of this malware discover it when it is too late to do anything to stop it. The threat has several tasks. First of all, it adds itself to the Run registry key so that it starts running whenever you start your Windows operating system. Next, the infection encrypts your files, and it is believed that it uses the RSA-1024 encryption algorithm. Finally, the ransomware creates a file to make you aware of the demands that its creator has. Can you fix the situation by deleting Noob Ransomware? Although it is very important that you remove this threat, you cannot get your files decrypted by eliminating it. The only thing that can help you at this moment is a decryption key, and it might be inaccessible.

Noob Ransomware is part of the CryptoMix ransomware family, and so it is not surprising that it is very similar to Mole Ransomware, Revenge Ransomware, and many other infections that we have discussed in other articles. The threat is most similar to Zayka Ransomware, and both of these threats even use the same email address (admin@zayka.pro) for communication. This address is presented in a file called “_HELP_INSTRUCTION.TXT”, and you should be able to find it in all folders that contain the encrypted files. Speaking of these files, you might be unable to recognize them because they will be renamed using strings of random numbers and letters. The encrypted files are unreadable, and they have the “.NOOB” extension appended to them. The data within the files is encrypted, and a special key must be applied to change things back to normal. Cyber criminals, of course, are in possession of this key, and they might have no intention of providing it to you. This proves how important it is to back up sensitive data. Even if you do not face threats similar to Noob Ransomware in the future, you might face physical damage to the computer that could lead to the loss of your files. If your files are backed up, nothing should scare you.

Which ransom note were you introduced to? Was it the one informing you that you can get your files back by sending a decryption ID to admin@zayka.pro, or the one that provided you with more information? The latter version introduces you to the encryption cipher and informs you that you need to pay for the so-called “private key” within 72 hours to ensure file decryption. The ransom fee is not specified, but you would be introduced to it if you emailed cyber criminals. Keep in mind that emailing them can be risky because they could expose you to more malicious files. When it comes to paying the ransom, you are at great risk of losing your money for nothing. The chances of you getting a decryption key and then decrypting your files are very slim. As you can probably guess, we do not recommend wasting your money. What we recommend is removing Noob Ransomware.

How much experience do you have removing malware? If you do not have much, you probably should install anti-malware software to remove Noob Ransomware automatically. What if you can follow the instructions below and erase the threat yourself? Even if that is the case, we still recommend using anti-malware software because only it can guarantee protection afterward. If you do not protect your operating system, malicious infections could slither in again, and that is not what you want, is it? As we discussed already, backing up your personal files is important as well. Speaking of files, what should you do about them if you cannot decrypt them? There is a great chance that a decryptor will be created in the future, and so you should stay hopeful. If you end up losing your files, take this as a reminder to take better care of both your operating system and your personal files.

Noob Ransomware Removal

Launch RUN by tapping Win+R keys and then enter regedit.exe into the dialog box.

Navigate to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

Delete the values named 00FF0EBCF2F2 and BC0EBCF2F2 (note that the names could be different).

Navigate to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce.

Delete the value named *BC0EBCF2F2 (note that the name could be different).

Launch Explorer by tapping Win+E and then enter %APPDATA% into the bar at the top.

Delete the ransomware file named BC0EBCF2F2.exe (note that the name could be different).

Delete the file named HELP_INSTRUCTION.TXT (note that it might have multiple copies).

Empty Recycle Bin and then run a full system scan to check that you have not overlooked any leftovers.
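
The locations named in the steps above can be reviewed with a read-only PowerShell audit before anything is deleted by hand. This is an added example, not part of the original instructions; the hex-style name pattern and the choice to search only the user profile for notes are assumptions.

```powershell
# Read-only audit: lists candidates from the removal steps, deletes nothing.

# Assumption: names are hex-like strings, optionally prefixed with '*',
# modeled on the sample names in the steps. Real names can differ.
$hexName = '^\*?[0-9A-F]{8,}$'

$runKeys = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
$findings = @()

foreach ($path in $runKeys) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $key = Get-Item -LiteralPath $path
    # GetValueNames() returns literal names, so a leading '*' is not
    # treated as a wildcard the way Get-ItemProperty -Name would treat it.
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        $inAppData = $data.IndexOf($env:APPDATA,
            [StringComparison]::OrdinalIgnoreCase) -ge 0
        # Flag hex-style names and anything launching from %APPDATA%.
        if ($name -match $hexName -or $inAppData) {
            $findings += [pscustomobject]@{
                Kind = 'Autorun value'; Location = $path
                Name = $name;           Data     = $data
            }
        }
    }
}

# Executables with hex-style names directly under %APPDATA%.
$findings += @(
    Get-ChildItem -LiteralPath $env:APPDATA -File -Filter '*.exe' `
        -ErrorAction SilentlyContinue |
    Where-Object { $_.BaseName -match $hexName } |
    ForEach-Object { [pscustomobject]@{
        Kind = 'Executable'; Location = $_.DirectoryName
        Name = $_.Name;      Data     = $_.LastWriteTime } }
)

# Ransom notes; matches the name with or without the leading underscore.
$findings += @(
    Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File `
        -Filter '*HELP_INSTRUCTION.TXT' -ErrorAction SilentlyContinue |
    ForEach-Object { [pscustomobject]@{
        Kind = 'Ransom note'; Location = $_.DirectoryName
        Name = $_.Name;       Data     = $_.LastWriteTime } }
)

$findings | Format-Table -AutoSize -Wrap
```

Legitimate software also registers autorun values that start from %APPDATA%, so treat each row as a candidate to verify, not as a confirmed component of the infection.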